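/**
 * Run the download plugin's one-time installer, then refresh its cache.
 *
 * Flow, as implemented below:
 *  - install.php present: include it, and if DownloadMe_Install_Check() reports
 *    success, rename the installer to install.php.Download, move the bundled
 *    *_Inc.php / *_Gip.php cache files into content/cache and delete Version.php.
 *  - only install.php.Download present: rename it back and run the installer again.
 *  - neither present: report the missing installer through emMsg().
 *
 * DownloadMe_Up() is always called last. After a successful restore-and-retry it
 * therefore runs twice (once in the nested call, once here), exactly as before.
 *
 * Fix: the restore branch used to recurse unconditionally. When the suppressed
 * rename() failed (for example a read-only plugin directory) the same branch was
 * taken again on every call, so the recursion never terminated. The rename result
 * is now checked and a failure is reported instead.
 */
function callback_init()
{
    $Path = EMLOG_ROOT . "/content/plugins/download/";
    $InstallFile = $Path . 'install.php';
    $ParkedFile = $InstallFile . '.Download';

    if (is_file($InstallFile) === true) {
        // NOTE(review): this executes a script from the plugin directory. The
        // directory must not be writable by untrusted users, otherwise whoever can
        // place install.php here gets code execution on plugin activation.
        include_once $InstallFile;

        if (DownloadMe_Install_Check() === true) {
            // Install succeeded: park the installer under a different name.
            // NOTE(review): depending on the web server's handler configuration a
            // name such as install.php.Download may still be executed as PHP when
            // requested directly - confirm, or move it outside the web root.
            @rename($InstallFile, $ParkedFile);

            foreach (array('_Inc.php', '_Gip.php') as $Suffix) {
                $Bundled = $Path . DOWNLOAD_CACHE_NAME . $Suffix;
                if (is_file($Bundled) === true) {
                    @rename($Bundled, EMLOG_ROOT . "/content/cache/" . DOWNLOAD_CACHE_NAME . $Suffix);
                }
            }

            if (is_file($Path . "Version.php") === true) {
                @unlink($Path . "Version.php");
            }
        }
    } elseif (is_file($ParkedFile) === true) {
        // Only retry when the installer was really restored; otherwise the nested
        // call would land in this branch again and recurse without end.
        if (@rename($ParkedFile, $InstallFile) === true) {
            callback_init();
        } else {
            emMsg('无法恢复安装文件 ( /content/plugins/download/install.php ),请检查插件目录的写入权限');
        }
    } else {
        emMsg('安装文件 ( /content/plugins/download/install.php ) 缺失,请重新下载插件安装包');
    }

    DownloadMe_Up(); // write the cache
}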
/**
 * Build the path of a template file under TEMPLATE_PATH.
 *
 * Reports a broken/missing template directory through emMsg() (pointing the
 * user at admin/template.php) and then returns TEMPLATE_PATH . $template . $ext.
 *
 * NOTE(review): $template and $ext are concatenated without validation and the
 * callers visible in this code base pass the result straight to include/require.
 * Callers must only pass fixed names; a request-derived value would need to be
 * checked against a list of known templates first.
 *
 * @param string $template template name without extension
 * @param string $ext      file extension, including the dot
 * @return string path of the template file
 */
public static function getView($template, $ext = '.php')
{
    $templateDirPresent = is_dir(TEMPLATE_PATH);
    if ($templateDirPresent === false) {
        emMsg('当前使用的模板已被删除或损坏,请登录后台更换其他模板。', BLOG_URL . 'admin/template.php');
    }

    $viewFile = TEMPLATE_PATH . $template . $ext;

    return $viewFile;
}
/**
 * Constructor: open the MySQL connection described by the SAE_MYSQL_*
 * constants, set the connection character set and select the database.
 *
 * Every failure is reported through emMsg().
 *
 * NOTE(review): the ext/mysql functions used here (mysql_connect, mysql_query,
 * mysql_select_db) were removed in PHP 7, so this driver only runs on
 * unsupported PHP versions. It also offers no prepared statements; callers on
 * this code path depend on manual escaping.
 */
function __construct()
{
    if (function_exists('mysql_connect') === false) {
        emMsg('服务器PHP不支持MySql数据库');
    }

    $server = SAE_MYSQL_HOST_M . ':' . SAE_MYSQL_PORT;
    $this->conn = @mysql_connect($server, SAE_MYSQL_USER, SAE_MYSQL_PASS);

    if (!$this->conn) {
        // Map the client error number to a message, then report it once.
        switch ($this->geterrno()) {
            case 2005:
                $failure = "连接数据库失败,数据库地址错误或者数据库服务器不可用";
                break;
            case 2003:
                $failure = "连接数据库失败,数据库端口错误";
                break;
            case 2006:
                $failure = "连接数据库失败,数据库服务器不可用";
                break;
            case 1045:
                $failure = "连接数据库失败,数据库用户名或密码错误";
                break;
            default:
                $failure = "连接数据库失败,请检查数据库信息。错误编号:" . $this->geterrno();
                break;
        }
        emMsg($failure);
    }

    // NOTE(review): this is a plain string comparison of version numbers -
    // confirm what getMysqlVersion() returns; version_compare() would be safer.
    $supportsCharset = $this->getMysqlVersion() > '4.1';
    if ($supportsCharset) {
        // NOTE(review): SET NAMES changes the server-side charset only; the
        // client library is not told, which matters wherever escaping depends
        // on the connection charset.
        mysql_query("SET NAMES 'utf8'");
    }

    if (!@mysql_select_db(SAE_MYSQL_DB, $this->conn)) {
        emMsg("连接数据库失败,未找到您填写的数据库");
    }
}
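/**
 * Send a SQL statement to the server.
 *
 * Stores the result in $this->result and increments $this->queryCount. On
 * failure, unless $ignore_err is set, the statement and the driver error are
 * reported through emMsg().
 *
 * Fix: the statement and the driver error were embedded raw into the message.
 * emMsg() is given HTML elsewhere in this code base, so markup inside a failing
 * statement (which may carry request data) would be rendered in the browser.
 * Both values are now HTML-escaped.
 *
 * NOTE(review): showing the full statement to the visitor still discloses table
 * and column names. Consider logging it server-side and showing a generic
 * message to non-administrators.
 *
 * @param string $sql        statement to execute
 * @param bool   $ignore_err when true, a failure is returned instead of reported
 * @return mixed the mysql_query() result; nothing when the error is reported
 */
function query($sql, $ignore_err = FALSE)
{
    $this->result = @mysql_query($sql, $this->conn);
    $this->queryCount++;

    if (!$ignore_err && !$this->result) {
        $safeSql = htmlspecialchars((string) $sql, ENT_QUOTES, 'UTF-8');
        $safeError = htmlspecialchars((string) $this->geterror(), ENT_QUOTES, 'UTF-8');
        emMsg("SQL语句执行错误:" . $safeSql . " <br />" . $safeError);
    } else {
        return $this->result;
    }
}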
/**
 * Return the database driver singleton that matches the loaded PHP extension.
 *
 * Prefers the mysqli-based driver (MySqlii) and falls back to the legacy
 * driver (MySql). class_exists() is called with autoloading disabled, so only
 * classes that are already defined are considered. When neither is available
 * the problem is reported through emMsg() and nothing is returned.
 *
 * @return mixed the driver instance
 */
public static function getInstance()
{
    if (class_exists('mysqli', FALSE)) {
        return MySqlii::getInstance();
    }

    if (class_exists('mysql', FALSE)) {
        return MySql::getInstance();
    }

    emMsg('服务器空间PHP不支持MySql数据库');
}
/**
 * Handle a comment submission from $_POST.
 *
 * Reads the form fields, replaces name/mail/url with the account's own values
 * for logged-in users, stores the comment cookie, then runs the validation
 * chain below. The first failing rule is reported through emMsg(); only when
 * every rule passes is the comment handed to Comment_Model::addComment().
 *
 * The order of the elseif chain is significant: it decides which message the
 * visitor sees and which checks (database look-ups, session start) are executed.
 *
 * @param mixed $params not used by this function
 */
function addComment($params) {
    // NOTE(review): addslashes() is the only escaping applied to these values
    // before they reach the model. It is not aware of the connection charset;
    // driver-level escaping or parameterised queries are the robust choice.
    // trim()/addslashes() also assume each field is a string, not an array.
    $name = isset($_POST['comname']) ? addslashes(trim($_POST['comname'])) : '';
    $content = isset($_POST['comment']) ? addslashes(trim($_POST['comment'])) : '';
    $mail = isset($_POST['commail']) ? addslashes(trim($_POST['commail'])) : '';
    $url = isset($_POST['comurl']) ? addslashes(trim($_POST['comurl'])) : '';
    // The captcha answer is upper-cased before it is compared further down.
    $imgcode = isset($_POST['imgcode']) ? addslashes(trim(strtoupper($_POST['imgcode']))) : '';
    // Numeric ids are forced to integers.
    $blogId = isset($_POST['gid']) ? intval($_POST['gid']) : -1;
    $pid = isset($_POST['pid']) ? intval($_POST['pid']) : 0;

    // Logged-in users cannot choose their identity: it is taken from the user cache.
    if (ISLOGIN === true) {
        $CACHE = Cache::getInstance();
        $user_cache = $CACHE->readCache('user');
        $name = addslashes($user_cache[UID]['name_orig']);
        $mail = addslashes($user_cache[UID]['mail']);
        $url = addslashes(BLOG_URL);
    }

    // Prefix a scheme when the URL does not start with "http" (case-insensitive).
    if ($url && strncasecmp($url, 'http', 4)) {
        $url = 'http://' . $url;
    }

    doAction('comment_post');

    $Comment_Model = new Comment_Model();
    // NOTE(review): the cookie is written before any of the values has been validated.
    $Comment_Model->setCommentCookie($name, $mail, $url);

    if ($Comment_Model->isLogCanComment($blogId) === false) {
        emMsg('评论失败:该文章已关闭评论');
    } elseif ($Comment_Model->isCommentExist($blogId, $name, $content) === true) {
        emMsg('评论失败:已存在相同内容评论');
    } elseif (ROLE == ROLE_VISITOR && $Comment_Model->isCommentTooFast() === true) {
        // Rate limiting applies to visitors only.
        emMsg('评论失败:您提交评论的速度太快了,请稍后再发表评论');
    } elseif (empty($name)) {
        emMsg('评论失败:请填写姓名');
    } elseif (strlen($name) > 20) {
        // strlen() counts bytes of the already-escaped value, not characters.
        emMsg('评论失败:姓名不符合规范');
    } elseif ($mail != '' && !checkMail($mail)) {
        emMsg('评论失败:邮件地址不符合规范');
    } elseif (ISLOGIN == false && $Comment_Model->isNameAndMailValid($name, $mail) === false) {
        // Anonymous visitors may not use an administrator's nickname or address.
        emMsg('评论失败:禁止使用管理员昵称或邮箱评论');
    } elseif (!empty($url) && preg_match("/^(http|https)\\:\\/\\/[^<>'\"]*\$/", $url) == false) {
        // Only http:// or https:// URLs without < > ' " are accepted, which keeps
        // other schemes and attribute-breaking characters out of the stored link.
        emMsg('评论失败:主页地址不符合规范', 'javascript:history.back(-1);');
    } elseif (empty($content)) {
        emMsg('评论失败:请填写评论内容');
    } elseif (strlen($content) > 8000) {
        emMsg('评论失败:内容不符合规范');
    } elseif (ROLE == ROLE_VISITOR && Option::get('comment_needchinese') == 'y' && !preg_match('/[\\x{4e00}-\\x{9fa5}]/iu', $content)) {
        // Optional spam filter: visitor comments must contain a character in U+4E00-U+9FA5.
        emMsg('评论失败:评论内容需包含中文');
    } elseif (ISLOGIN == false && Option::get('comment_code') == 'y' && session_start() && (empty($imgcode) || $imgcode !== $_SESSION['code'])) {
        // Captcha check for anonymous visitors; the session is only started here.
        // NOTE(review): the stored code is cleared on the success path only. Confirm
        // that a failed attempt also invalidates it elsewhere, otherwise the same
        // code can be guessed repeatedly.
        emMsg('评论失败:验证码错误');
    } else {
        // Single use: drop the captcha answer before storing the comment.
        $_SESSION['code'] = null;
        $Comment_Model->addComment($name, $content, $mail, $url, $imgcode, $blogId, $pid);
    }
}
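/**
 * Delete a twitter (micro-post) entry together with its replies and image files.
 *
 * Non-administrators can only delete their own entries: the author condition
 * is added to both statements, and when no row was deleted the request is
 * rejected through emMsg().
 *
 * Fix: $tid was interpolated into three SQL statements as received. It is now
 * cast to an integer first, so the statements no longer depend on every caller
 * having sanitised the id.
 *
 * @param int $tid id of the entry to delete
 */
function delTwitter($tid)
{
    $tid = (int) $tid;
    $author = ROLE == ROLE_ADMIN ? '' : 'and author=' . UID;

    // Fetch the image path before the row disappears.
    $query = $this->db->query("select img from " . DB_PREFIX . "twitter where id={$tid} {$author}");
    $row = $this->db->fetch_array($query);

    // Delete the entry; zero affected rows means it is missing or not owned by the user.
    $this->db->query("DELETE FROM " . DB_PREFIX . "twitter where id={$tid} {$author}");
    if ($this->db->affected_rows() < 1) {
        emMsg('权限不足!', './');
    }

    // Delete the replies.
    $this->db->query("DELETE FROM " . DB_PREFIX . "reply where tid={$tid}");

    // Delete the picture: the stored path and, for a thumbnail, the full-size file.
    // NOTE(review): the paths come from the img column - confirm the value written
    // at upload time is confined to the upload directory.
    if (!empty($row['img'])) {
        $fpath = str_replace('thum-', '', $row['img']);
        if ($fpath != $row['img']) {
            @unlink('../' . $fpath);
        }
        @unlink('../' . $row['img']);
    }
}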
/**
 * Render the theme editor settings page.
 *
 * Picks the theme and file to show from the query string (falling back to the
 * THEMESEDITOR_CTHEME / THEMESEDITOR_CFILE constants), loads the file content
 * and editor mode and includes the view. The local variable names are part of
 * the contract with the included view and must not be renamed.
 *
 * NOTE(review): themeName and themeFileName are taken from $_GET unchanged and
 * passed to getThemFileList(), getThemFileContent() and
 * themeseditor_setting_config(). Those helpers are not visible here; confirm
 * they reject path separators and ".." and only accept files inside
 * content/templates. Also note that a GET request that names a file changes
 * stored configuration - confirm the caller enforces authentication and a
 * CSRF token.
 */
function plugin_setting_view()
{
    $templatesWritable = is_writable(EMLOG_ROOT . '/content/templates');
    if ($templatesWritable === false) {
        // NOTE(review): the message recommends mode 777 / everyone-writable;
        // write access for the web server account alone is sufficient.
        emMsg('主题文件不可写。如果您使用的是Unix/Linux主机,请修改主题目录 (content/templates) 下所有文件的权限为777。如果您使用的是Windows主机,请联系管理员,将该目录下所有文件设为everyone可写');
    }

    if (isset($_GET['themeName'])) {
        $themeName = $_GET['themeName'];
    } else {
        $themeName = THEMESEDITOR_CTHEME;
    }

    $themeseditor_theme_list = getThemsList();
    $themeseditor_theme_files = getThemFileList($themeName);

    // File selection: no theme in the request -> configured default file;
    // theme and file -> requested file; theme only -> first file of that theme.
    if (!isset($_GET['themeName'])) {
        $themeFileName = THEMESEDITOR_CFILE;
    } elseif (isset($_GET['themeFileName'])) {
        $themeFileName = $_GET['themeFileName'];
    } else {
        $themeFileName = $themeseditor_theme_files[0];
    }

    // Remember the selection whenever a file name was supplied.
    if (isset($_GET['themeFileName'])) {
        themeseditor_setting_config($themeName, $themeFileName, null);
    }

    $themeseditor_theme_content = getThemFileContent($themeName, $themeFileName);
    $mode = getEditorMode($themeName, $themeFileName);

    include EMLOG_ROOT . '/content/plugins/themeseditor/themeseditor_setting_view.php';
}
// Tail of the plugin deletion branch (its opening lines are outside this excerpt).
// The pattern keeps only the part of $plugin before the first "/". A value that
// contains no "/" does not match and is used unchanged.
// NOTE(review): confirm that $plugin is validated against the list of installed
// plugins before this point; emDeleteFile() is handed a path built from it.
$pludir = preg_replace("/^([^\\/]+)\\/.*/", "\$1", $plugin);
if (true === emDeleteFile('../content/plugins/' . $pludir)) {
    $CACHE->updateCache('options');
    emDirect("./plugin.php?activate_del=1");
} else {
    emDirect("./plugin.php?error_a=1");
}
}
// Upload a plugin as a zip archive
// NOTE(review): no LoginAuth::checkToken() call is visible in this branch, while
// the template upload branch of this code base has one. An uploaded plugin is PHP
// code that the site will run, so this action needs CSRF protection - confirm it
// is enforced earlier in the file.
if ($action == 'upload_zip') {
    $zipfile = isset($_FILES['pluzip']) ? $_FILES['pluzip'] : '';
    // Upload error 4: no file was selected.
    // NOTE(review): 'error' is read before the empty-upload check below.
    if ($zipfile['error'] == 4) {
        emDirect("./plugin.php?action=install&error_d=1");
    }
    if (!$zipfile || $zipfile['error'] >= 1 || empty($zipfile['tmp_name'])) {
        emMsg('插件上传失败');
    }
    // Only the client-supplied file name is checked; the archive content is
    // validated, if at all, inside emUnZip() (not visible here).
    if (getFileSuffix($zipfile['name']) != 'zip') {
        emDirect("./plugin.php?action=install&error_a=1");
    }
    // NOTE(review): confirm emUnZip() rejects entry names that would be written
    // outside ../content/plugins/.
    $ret = emUnZip($zipfile['tmp_name'], '../content/plugins/', 'plugin');
    // Map the unzip result code to a redirect.
    switch ($ret) {
        case 0:
            emDirect("./plugin.php?activate_install=1#tpllib");
            break;
        case -1:
            emDirect("./plugin.php?action=install&error_e=1");
            break;
        case 1:
        case 2:
            emDirect("./plugin.php?action=install&error_b=1");
//密码加密存储 $PHPASS = new PasswordHash(8, true); $adminpw = $PHPASS->HashPassword($adminpw); $dbcharset = 'utf8'; $type = 'MYISAM'; $table_charset_sql = $DB->getMysqlVersion() > '4.1' ? 'ENGINE=' . $type . ' DEFAULT CHARSET=' . $dbcharset . ';' : 'ENGINE=' . $type . ';'; if ($DB->getMysqlVersion() > '4.1') { $DB->query("ALTER DATABASE `{$db_name}` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;", true); } $widgets = Option::getWidgetTitle(); $sider_wg = Option::getDefWidget(); $widget_title = serialize($widgets); $widgets = serialize($sider_wg); define('BLOG_URL', getBlogUrl()); $sql = "\nDROP TABLE IF EXISTS {$db_prefix}blog;\nCREATE TABLE {$db_prefix}blog (\n gid int(10) unsigned NOT NULL auto_increment,\n title varchar(255) NOT NULL default '',\n date bigint(20) NOT NULL,\n content longtext NOT NULL,\n excerpt longtext NOT NULL,\n alias VARCHAR(200) NOT NULL DEFAULT '',\n author int(10) NOT NULL default '1',\n sortid int(10) NOT NULL default '-1',\n type varchar(20) NOT NULL default 'blog',\n views int(10) unsigned NOT NULL default '0',\n comnum int(10) unsigned NOT NULL default '0',\n attnum int(10) unsigned NOT NULL default '0',\n top enum('n','y') NOT NULL default 'n',\n sortop enum('n','y') NOT NULL default 'n',\n hide enum('n','y') NOT NULL default 'n',\n checked enum('n','y') NOT NULL default 'y',\n allow_remark enum('n','y') NOT NULL default 'y',\n password varchar(255) NOT NULL default '',\n template varchar(255) NOT NULL default '',\n PRIMARY KEY (gid),\n KEY date (date),\n KEY author (author),\n KEY sortid (sortid),\n KEY type (type),\n KEY views (views),\n KEY comnum (comnum),\n KEY hide (hide)\n)" . $table_charset_sql . "\nINSERT INTO {$db_prefix}blog (gid,title,date,content,excerpt,author,views,comnum,attnum,top,sortop,hide,allow_remark,password) VALUES (1, '欢迎使用emlog', '" . time() . 
"', '恭喜您成功安装了emlog,这是系统自动生成的演示文章。编辑或者删除它,然后开始您的创作吧!', '', 1, 0, 0, 0, 'n', 'n', 'n', 'y', '');\nDROP TABLE IF EXISTS {$db_prefix}attachment;\nCREATE TABLE {$db_prefix}attachment (\n aid int(10) unsigned NOT NULL auto_increment,\n blogid int(10) unsigned NOT NULL default '0',\n filename varchar(255) NOT NULL default '',\n filesize int(10) NOT NULL default '0',\n filepath varchar(255) NOT NULL default '',\n addtime bigint(20) NOT NULL default '0',\n width int(10) NOT NULL default '0',\n height int(10) NOT NULL default '0',\n mimetype varchar(40) NOT NULL default '',\n thumfor int(10) NOT NULL default 0,\n PRIMARY KEY (aid),\n KEY blogid (blogid)\n)" . $table_charset_sql . "\nDROP TABLE IF EXISTS {$db_prefix}comment;\nCREATE TABLE {$db_prefix}comment (\n cid int(10) unsigned NOT NULL auto_increment,\n gid int(10) unsigned NOT NULL default '0',\n pid int(10) unsigned NOT NULL default '0',\n date bigint(20) NOT NULL,\n poster varchar(20) NOT NULL default '',\n comment text NOT NULL,\n mail varchar(60) NOT NULL default '',\n url varchar(75) NOT NULL default '',\n ip varchar(128) NOT NULL default '',\n hide enum('n','y') NOT NULL default 'n',\n PRIMARY KEY (cid),\n KEY gid (gid),\n KEY date (date),\n KEY hide (hide)\n)" . $table_charset_sql . "\nDROP TABLE IF EXISTS {$db_prefix}options;\nCREATE TABLE {$db_prefix}options (\noption_id INT( 11 ) UNSIGNED NOT NULL auto_increment,\noption_name VARCHAR( 255 ) NOT NULL ,\noption_value LONGTEXT NOT NULL ,\nPRIMARY KEY (option_id),\nKEY option_name (option_name)\n)" . $table_charset_sql . 
"\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('blogname','点滴记忆');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('bloginfo','使用emlog搭建的站点');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('site_title','');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('site_description','');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('site_key','emlog');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('log_title_style','0');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('blogurl','" . BLOG_URL . "');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('icp','');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('footer_info','');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('admin_perpage_num','15');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('rss_output_num','0');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('rss_output_fulltext','y');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('index_lognum','10');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('index_comnum','10');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('index_twnum','10');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('index_newtwnum','5');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('index_newlognum','5');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('index_randlognum','5');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('index_hotlognum','5');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('comment_subnum','20');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('nonce_templet','default');\nINSERT INTO {$db_prefix}options (option_name, option_value) 
VALUES ('admin_style','default');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('tpl_sidenum','1');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('comment_code','n');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('comment_needchinese','y');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('comment_interval',60);\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('isgravatar','y');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('isthumbnail','y');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('att_maxsize','20480');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('att_type','rar,zip,gif,jpg,jpeg,png,txt,pdf,docx,doc,xls,xlsx');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('att_imgmaxw','420');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('att_imgmaxh','460');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('comment_paging','y');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('comment_pnum','10');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('comment_order','newer');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('login_code','n');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('reply_code','n');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('iscomment','y');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('ischkcomment','y');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('ischkreply','n');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('isurlrewrite','0');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('isalias','n');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('isalias_html','n');\nINSERT INTO 
{$db_prefix}options (option_name, option_value) VALUES ('isgzipenable','n');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('isxmlrpcenable','n');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('ismobile','n');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('isexcerpt','n');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('excerpt_subnum','300');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('istwitter','y');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('istreply','n');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('topimg','content/templates/default/images/top/default.jpg');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('custom_topimgs','a:0:{}');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('timezone','8');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('active_plugins','');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('widget_title','{$widget_title}');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('custom_widget','a:0:{}');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('widgets1','{$widgets}');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('widgets2','');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('widgets3','');\nINSERT INTO {$db_prefix}options (option_name, option_value) VALUES ('widgets4','');\nDROP TABLE IF EXISTS {$db_prefix}link;\nCREATE TABLE {$db_prefix}link (\n id int(10) unsigned NOT NULL auto_increment,\n sitename varchar(30) NOT NULL default '',\n siteurl varchar(75) NOT NULL default '',\n description varchar(255) NOT NULL default '',\n hide enum('n','y') NOT NULL default 'n',\n taxis int(10) unsigned NOT NULL default '0',\n PRIMARY KEY (id)\n)" . $table_charset_sql . 
"\nINSERT INTO {$db_prefix}link (id, sitename, siteurl, description, taxis) VALUES (1, 'emlog', 'http://www.emlog.net', 'emlog官方主页', 0);\nDROP TABLE IF EXISTS {$db_prefix}navi;\nCREATE TABLE {$db_prefix}navi (\n id int(10) unsigned NOT NULL auto_increment,\n naviname varchar(30) NOT NULL default '',\n url varchar(75) NOT NULL default '',\n newtab enum('n','y') NOT NULL default 'n',\n hide enum('n','y') NOT NULL default 'n',\n taxis int(10) unsigned NOT NULL default '0',\n pid int(10) unsigned NOT NULL default '0',\n isdefault enum('n','y') NOT NULL default 'n',\n type tinyint(3) unsigned NOT NULL default '0',\n type_id int(10) unsigned NOT NULL default '0',\n PRIMARY KEY (id)\n)" . $table_charset_sql . "\nINSERT INTO {$db_prefix}navi (id, naviname, url, taxis, isdefault, type) VALUES (1, '首页', '', 1, 'y', 1);\nINSERT INTO {$db_prefix}navi (id, naviname, url, taxis, isdefault, type) VALUES (2, '微语', 't', 2, 'y', 2);\nINSERT INTO {$db_prefix}navi (id, naviname, url, taxis, isdefault, type) VALUES (3, '登录', 'admin', 3, 'y', 3);\nDROP TABLE IF EXISTS {$db_prefix}tag;\nCREATE TABLE {$db_prefix}tag (\n tid int(10) unsigned NOT NULL auto_increment,\n tagname varchar(60) NOT NULL default '',\n gid text NOT NULL,\n PRIMARY KEY (tid),\n KEY tagname (tagname)\n)" . $table_charset_sql . "\nDROP TABLE IF EXISTS {$db_prefix}sort;\nCREATE TABLE {$db_prefix}sort (\n sid int(10) unsigned NOT NULL auto_increment,\n sortname varchar(255) NOT NULL default '',\n alias VARCHAR(200) NOT NULL DEFAULT '',\n taxis int(10) unsigned NOT NULL default '0',\n pid int(10) unsigned NOT NULL default '0',\n description text NOT NULL,\n template varchar(255) NOT NULL default '',\n PRIMARY KEY (sid)\n)" . $table_charset_sql . 
"\nDROP TABLE IF EXISTS {$db_prefix}twitter;\nCREATE TABLE {$db_prefix}twitter (\nid INT NOT NULL AUTO_INCREMENT,\ncontent text NOT NULL,\nimg varchar(200) DEFAULT NULL,\nauthor int(10) NOT NULL default '1',\ndate bigint(20) NOT NULL,\nreplynum int(10) unsigned NOT NULL default '0',\nPRIMARY KEY (id),\nKEY author (author)\n)" . $table_charset_sql . "\nINSERT INTO {$db_prefix}twitter (id, content, img, author, date, replynum) VALUES (1, '使用微语记录您身边的新鲜事', '', 1, '" . time() . "', 0);\nDROP TABLE IF EXISTS {$db_prefix}reply;\nCREATE TABLE {$db_prefix}reply (\n id int(10) unsigned NOT NULL auto_increment,\n tid int(10) unsigned NOT NULL default '0',\n date bigint(20) NOT NULL,\n name varchar(20) NOT NULL default '',\n content text NOT NULL,\n hide enum('n','y') NOT NULL default 'n',\n ip varchar(128) NOT NULL default '',\n PRIMARY KEY (id),\n KEY gid (tid),\n KEY hide (hide)\n)" . $table_charset_sql . "\nDROP TABLE IF EXISTS {$db_prefix}user;\nCREATE TABLE {$db_prefix}user (\n uid int(10) unsigned NOT NULL auto_increment,\n username varchar(32) NOT NULL default '',\n password varchar(64) NOT NULL default '',\n nickname varchar(20) NOT NULL default '',\n role varchar(60) NOT NULL default '',\n ischeck enum('n','y') NOT NULL default 'n',\n photo varchar(255) NOT NULL default '',\n email varchar(60) NOT NULL default '',\n description varchar(255) NOT NULL default '',\nPRIMARY KEY (uid),\nKEY username (username)\n)" . $table_charset_sql . "\nINSERT INTO {$db_prefix}user (uid, username, password, role) VALUES (1,'{$admin}','" . $adminpw . 
"','admin');"; $array_sql = preg_split("/;[\r\n]/", $sql); foreach ($array_sql as $sql) { $sql = trim($sql); if ($sql) { $DB->query($sql); } } //重建缓存 $CACHE->updateCache(); $result .= "\n\t\t<p style=\"font-size:24px; border-bottom:1px solid #E6E6E6; padding:10px 0px;\">恭喜,安装成功!</p>\n\t\t<p>您的emlog已经安装好了,现在可以开始您的创作了,就这么简单!</p>\n\t\t<p><b>用户名</b>:{$admin}</p>\n\t\t<p><b>密 码</b>:您刚才设定的密码</p>"; if (DEL_INSTALLER === 1 && !@unlink('./install.php') || DEL_INSTALLER === 0) { $result .= '<p style="color:red;margin:10px 20px;">警告:请手动删除根目录下安装文件:install.php</p> '; } $result .= "<p style=\"text-align:right;\"><a href=\"./\">访问首页</a> | <a href=\"./admin/\">登录后台</a></p>"; emMsg($result, 'none'); }
// Continuation of a database upgrade action whose opening lines are outside
// this excerpt.
}
$DB = Database::getInstance();
// Statement that switches the database default charset to utf8.
// NOTE(review): the version check is a plain string comparison.
$setchar = $DB->getMysqlVersion() > '4.1' ? "ALTER DATABASE `" . DB_NAME . "` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;" : '';
// Download the upgrade script from the official service host.
// NOTE(review): every statement in the downloaded file is executed below with
// the site's database privileges. The integrity of the upgrade therefore rests
// entirely on the transport and on the remote host; confirm the URL is HTTPS
// and consider verifying a signature or pinned hash before executing it. Where
// $upsql comes from is not visible here - confirm it cannot be set by a request.
$temp_file = emFecthFile(OFFICIAL_SERVICE_HOST . $upsql);
if (!$temp_file) {
    exit('error_down');
}
$sql = file($temp_file);
@unlink($temp_file);
array_unshift($sql, $setchar);
$query = '';
// Re-assemble statements: skip empty lines and lines starting with "#",
// substitute the table prefix, and execute whenever a line ends with ";".
foreach ($sql as $value) {
    if (!$value || $value[0] == '#') {
        continue;
    }
    $value = str_replace("{db_prefix}", DB_PREFIX, trim($value));
    if (preg_match("/\\;\$/i", $value)) {
        $query .= $value;
        $DB->query($query);
        $query = '';
    } else {
        $query .= $value;
    }
}
$CACHE->updateCache();
exit('succ');
}
// phpinfo()
// NOTE(review): phpinfo() output discloses the full server configuration,
// environment variables and loaded modules. Confirm this action is reachable by
// administrators only (no role check is visible in this excerpt).
if ($action == 'phpinfo') {
    @phpinfo() or emMsg("phpinfo函数被禁用!");
}
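/**
 * Check the request token to defend against CSRF.
 *
 * Compares the "token" request parameter with self::genToken() and reports a
 * mismatch through emMsg().
 *
 * Fixes:
 *  - The comparison used "!=", which converts numeric-looking strings before
 *    comparing, so two different tokens could be treated as equal. It is now a
 *    strict, and where available constant-time, string comparison.
 *  - A missing token was compared as '' and would have been accepted if
 *    genToken() ever produced an empty value; empty tokens are now rejected.
 *  - A non-string "token" parameter (an array) is treated as missing instead
 *    of being passed to addslashes().
 *
 * NOTE(review): the token is read from $_REQUEST, so it is also accepted from
 * the query string, where it can end up in logs and Referer headers. Accepting
 * it from POST bodies only would be the stricter choice for state-changing
 * actions.
 */
public static function checkToken()
{
    $submitted = '';
    if (isset($_REQUEST['token']) && is_string($_REQUEST['token'])) {
        // addslashes() is kept so the set of accepted tokens is unchanged.
        $submitted = addslashes($_REQUEST['token']);
    }

    $expected = (string) self::genToken();

    // hash_equals() is not available on every PHP version this code may run on.
    if (function_exists('hash_equals')) {
        $valid = hash_equals($expected, $submitted);
    } else {
        $valid = ($expected === $submitted);
    }

    if ($submitted === '' || !$valid) {
        emMsg('权限不足,token error');
    }
}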
/**
 * Mobile version
 *
 * @copyright (c) Emlog All Rights Reserved
 */
require_once '../init.php';
// Mobile views are loaded from a fixed directory, not from the active theme.
define('TEMPLATE_PATH', EMLOG_ROOT . '/m/view/');
$isgzipenable = 'n'; // gzip compression is switched off for mobile browsing
$index_lognum = 5;
$site_title = Option::get('blogname');
// Request parameters: the post id is forced to an integer, the action is
// slash-escaped and afterwards only compared against fixed strings in this excerpt.
$logid = isset($_GET['post']) ? intval($_GET['post']) : '';
$action = isset($_GET['action']) ? addslashes($_GET['action']) : '';
if (Option::get('ismobile') == 'n') {
    emMsg('站点未开启手机访问', BLOG_URL);
}
$navi_cache = $CACHE->readCache('navi');
$user_cache = $CACHE->readCache('user');
// Home page
if (empty($action) && empty($logid)) {
    $Log_Model = new Log_Model();
    // abs(intval()) keeps the page number non-negative; 0 is still possible.
    $page = isset($_GET['page']) ? abs(intval($_GET['page'])) : 1;
    // Fixed ORDER BY fragment; no request data is mixed into it.
    $sqlSegment = "ORDER BY top DESC ,date DESC";
    $sta_cache = $CACHE->readCache('sta');
    $lognum = $sta_cache['lognum'];
    $pageurl = './?page=';
    $logs = $Log_Model->getLogsForHome($sqlSegment, $page, $index_lognum);
    $page_url = pagination($lognum, $index_lognum, $page, $pageurl);
    include View::getView('header');
    include View::getView('log');
// Install a template: render the install page
if ($action == 'install') {
    include View::getView('header');
    require_once View::getView('template_install');
    include View::getView('footer');
    View::output();
}
// Upload a template as a zip archive
if ($action == 'upload_zip') {
    // CSRF protection: the request must carry a valid token.
    LoginAuth::checkToken();
    $zipfile = isset($_FILES['tplzip']) ? $_FILES['tplzip'] : '';
    // Upload error 4: no file was selected.
    // NOTE(review): 'error' is read before the empty-upload check below.
    if ($zipfile['error'] == 4) {
        emDirect("./template.php?action=install&error_d=1");
    }
    if (!$zipfile || $zipfile['error'] >= 1 || empty($zipfile['tmp_name'])) {
        emMsg('模板上传失败');
    }
    // Only the client-supplied file name is checked here.
    if (getFileSuffix($zipfile['name']) != 'zip') {
        emDirect("./template.php?action=install&error_a=1");
    }
    // NOTE(review): templates are PHP files that the site includes, so an upload
    // is equivalent to deploying code. Confirm emUnZip() rejects entry names that
    // would be written outside ../content/templates/ and that this action is
    // limited to administrators.
    $ret = emUnZip($zipfile['tmp_name'], '../content/templates/', 'tpl');
    // Map the unzip result code to a redirect.
    switch ($ret) {
        case 0:
            emDirect("./template.php?activate_install=1#tpllib");
            break;
        case -2:
            emDirect("./template.php?action=install&error_e=1");
            break;
        case 1:
        case 2:
            emDirect("./template.php?action=install&error_b=1");
// Tail of a batch-operation switch on the post list; the switch header and the
// earlier cases are outside this excerpt.
$CACHE->updateCache(array('sort', 'logsort'));
emDirect("./admin_log.php?active_move=1");
break;
case 'change_author':
    // Administrators only.
    if (ROLE != ROLE_ADMIN) {
        emMsg('权限不足!', './');
    }
    // NOTE(review): $logs and $author are assigned outside this excerpt -
    // confirm both are cast to integers before they reach updateLog().
    foreach ($logs as $val) {
        $Log_Model->updateLog(array('author' => $author), $val);
    }
    $CACHE->updateCache('sta');
    emDirect("./admin_log.php?active_change_author=1");
    break;
case 'check':
    // Approve a post: administrators only.
    if (ROLE != ROLE_ADMIN) {
        emMsg('权限不足!', './');
    }
    $Log_Model->checkSwitch($gid, 'y');
    $CACHE->updateCache();
    emDirect("./admin_log.php?active_ck=1");
    break;
case 'uncheck':
    // Withdraw approval: administrators only.
    if (ROLE != ROLE_ADMIN) {
        emMsg('权限不足!', './');
    }
    $Log_Model->checkSwitch($gid, 'n');
    $CACHE->updateCache();
    emDirect("./admin_log.php?active_unck=1");
    break;
}
}
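/**
 * Send a SQL statement to the server.
 *
 * Stores the result in $this->result and increments $this->queryCount. Unless
 * $ignore_err is set, error 1046 (no database selected) and any other failure
 * are reported through emMsg().
 *
 * Fix: the statement and the driver error were embedded raw into the message.
 * emMsg() is given HTML elsewhere in this code base, so markup inside a failing
 * statement (which may carry request data) would be rendered in the browser.
 * Both values are now HTML-escaped.
 *
 * NOTE(review): showing the full statement to the visitor still discloses table
 * and column names. Consider logging it server-side and showing a generic
 * message to non-administrators.
 *
 * @param string $sql        statement to execute
 * @param bool   $ignore_err when true, a failure is returned instead of reported
 * @return mixed the result of the connection's query() call; nothing when the
 *               error is reported
 */
function query($sql, $ignore_err = FALSE)
{
    $this->result = $this->conn->query($sql);
    $this->queryCount++;

    if (!$ignore_err && 1046 == $this->geterrno()) {
        emMsg("连接数据库失败,请填写数据库名");
    }

    if (!$ignore_err && !$this->result) {
        $safeSql = htmlspecialchars((string) $sql, ENT_QUOTES, 'UTF-8');
        $safeError = htmlspecialchars((string) $this->geterror(), ENT_QUOTES, 'UTF-8');
        emMsg("SQL语句执行错误: " . $safeSql . "<br />" . $safeError);
    } else {
        return $this->result;
    }
}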
/**
 * Write a cache entry to content/cache/<name>.php.
 *
 * The payload is prefixed with "<?php exit;//" so that a direct web request
 * for the cache file stops immediately instead of printing the data. After
 * writing, the matching in-memory property (<name>_cache) is reset to null.
 *
 * NOTE(review): $cacheName becomes part of the file path - callers must pass
 * fixed names only. The error text recommends mode 777; write access for the
 * web server account alone is sufficient.
 *
 * @param string $cacheData serialized cache payload
 * @param string $cacheName cache name, used for the file and property name
 */
function cacheWrite($cacheData, $cacheName)
{
    $cachefile = EMLOG_ROOT . '/content/cache/' . $cacheName . '.php';
    $cacheData = "<?php exit;//" . $cacheData;

    $fp = @fopen($cachefile, 'wb');
    if (!$fp) {
        emMsg('读取缓存失败。如果您使用的是Unix/Linux主机,请修改缓存目录 (content/cache) 下所有文件的权限为777。如果您使用的是Windows主机,请联系管理员,将该目录下所有文件设为可写');
    }

    $fw = @fwrite($fp, $cacheData);
    if (!$fw) {
        emMsg('写入缓存失败,缓存目录 (content/cache) 不可写');
    }

    // Drop the in-memory copy so the next read picks up the new file.
    $property = $cacheName . '_cache';
    $this->{$property} = null;

    fclose($fp);
}
// Delete an attachment
if ($action == 'del_attach') {
    // CSRF protection: the request must carry a valid token.
    LoginAuth::checkToken();
    // The id is forced to an integer. When the parameter is missing it becomes
    // '' and the SELECT below is syntactically invalid.
    $aid = isset($_GET['aid']) ? intval($_GET['aid']) : '';
    $query = $DB->query("SELECT * FROM " . DB_PREFIX . "attachment WHERE aid = {$aid} ");
    $attach = $DB->fetch_array($query);
    // NOTE(review): no check that a row was found, and no check that the
    // attachment belongs to a post of the current user - confirm whether
    // non-administrators can reach this action.
    $logid = $attach['blogid'];
    // The file path comes from the database row, not from the request.
    if (file_exists($attach['filepath'])) {
        @unlink($attach['filepath']) or emMsg("删除附件失败!");
    }
    deleteQiNiu($attach['filepath']);
    // Remove the thumbnail that points at this attachment, if there is one.
    $query = $DB->query("SELECT * FROM " . DB_PREFIX . "attachment WHERE thumfor = " . $attach['aid']);
    $thum_attach = $DB->fetch_array($query);
    if ($thum_attach) {
        if (file_exists($thum_attach['filepath'])) {
            @unlink($thum_attach['filepath']) or emMsg("删除附件失败!");
        }
        $DB->query("DELETE FROM " . DB_PREFIX . "attachment WHERE aid = {$thum_attach['aid']} ");
    }
    // Keep the post's attachment counter in step, then delete the row itself.
    $DB->query("UPDATE " . DB_PREFIX . "blog SET attnum=attnum-1 WHERE gid = {$attach['blogid']}");
    $DB->query("DELETE FROM " . DB_PREFIX . "attachment WHERE aid = {$attach['aid']} ");
    emDirect("attachment.php?action=attlib&logid={$logid}");
}
// Upload an image for a twitter (micro-post) entry
// NOTE(review): no LoginAuth::checkToken() call is visible in this branch, unlike
// the delete branch above - confirm the upload is protected against CSRF.
if ($action == 'upload_tw_img') {
    $attach = isset($_FILES['attach']) ? $_FILES['attach'] : '';
    if ($attach) {
        // The allowed extensions come from the site option read by Option::getAttType().
        $file_info = uploadFile($attach['name'], $attach['error'], $attach['tmp_name'], $attach['size'], Option::getAttType(), false, false);
        $w = $file_info['width'];
        $h = $file_info['height'];
        if ($w > Option::T_IMG_MAX_W || $h > Option::T_IMG_MAX_H) {
// Tail of the settings page branch (its opening lines are outside this excerpt):
// pre-select the comment order in the form, then render the page.
if ($comment_order == 'newer') {
    $ex3 = 'selected="selected"';
} else {
    $ex4 = 'selected="selected"';
}
include View::getView('header');
require_once View::getView('configure');
include View::getView('footer');
View::output();
}
// Save the site settings
if ($action == 'mod_config') {
    // CSRF protection: the request must carry a valid token.
    LoginAuth::checkToken();
    // Collect the submitted options. Text values are slash-escaped, numeric
    // values are cast; the third operand is the value used when a field is absent.
    // NOTE(review): the y/n switches are stored as submitted (escaped only),
    // not restricted to 'y' or 'n'.
    $getData = array(
        'blogname' => isset($_POST['blogname']) ? addslashes($_POST['blogname']) : '',
        'blogurl' => isset($_POST['blogurl']) ? addslashes($_POST['blogurl']) : '',
        'bloginfo' => isset($_POST['bloginfo']) ? addslashes($_POST['bloginfo']) : '',
        'icp' => isset($_POST['icp']) ? addslashes($_POST['icp']) : '',
        'footer_info' => isset($_POST['footer_info']) ? addslashes($_POST['footer_info']) : '',
        'index_lognum' => isset($_POST['index_lognum']) ? intval($_POST['index_lognum']) : '',
        'timezone' => isset($_POST['timezone']) ? floatval($_POST['timezone']) : '',
        'login_code' => isset($_POST['login_code']) ? addslashes($_POST['login_code']) : 'n',
        'comment_code' => isset($_POST['comment_code']) ? addslashes($_POST['comment_code']) : 'n',
        'comment_needchinese' => isset($_POST['comment_needchinese']) ? addslashes($_POST['comment_needchinese']) : 'n',
        'comment_interval' => isset($_POST['comment_interval']) ? intval($_POST['comment_interval']) : 15,
        'iscomment' => isset($_POST['iscomment']) ? addslashes($_POST['iscomment']) : 'n',
        'ischkcomment' => isset($_POST['ischkcomment']) ? addslashes($_POST['ischkcomment']) : 'n',
        'isgzipenable' => isset($_POST['isgzipenable']) ? addslashes($_POST['isgzipenable']) : 'n',
        'isxmlrpcenable' => isset($_POST['isxmlrpcenable']) ? addslashes($_POST['isxmlrpcenable']) : 'n',
        'ismobile' => isset($_POST['ismobile']) ? addslashes($_POST['ismobile']) : 'n',
        'isexcerpt' => isset($_POST['isexcerpt']) ? addslashes($_POST['isexcerpt']) : 'n',
        'excerpt_subnum' => isset($_POST['excerpt_subnum']) ? intval($_POST['excerpt_subnum']) : '300',
        'isthumbnail' => isset($_POST['isthumbnail']) ? addslashes($_POST['isthumbnail']) : 'n',
        'rss_output_num' => isset($_POST['rss_output_num']) ? intval($_POST['rss_output_num']) : 10,
        'rss_output_fulltext' => isset($_POST['rss_output_fulltext']) ? addslashes($_POST['rss_output_fulltext']) : 'y',
        'isgravatar' => isset($_POST['isgravatar']) ? addslashes($_POST['isgravatar']) : 'n',
        'comment_paging' => isset($_POST['comment_paging']) ? addslashes($_POST['comment_paging']) : 'n',
        'comment_pnum' => isset($_POST['comment_pnum']) ? intval($_POST['comment_pnum']) : '',
        'comment_order' => isset($_POST['comment_order']) ? addslashes($_POST['comment_order']) : 'newer',
        'istwitter' => isset($_POST['istwitter']) ? addslashes($_POST['istwitter']) : 'n',
        'istreply' => isset($_POST['istreply']) ? addslashes($_POST['istreply']) : 'n',
        'ischkreply' => isset($_POST['ischkreply']) ? addslashes($_POST['ischkreply']) : 'n',
        'reply_code' => isset($_POST['reply_code']) ? addslashes($_POST['reply_code']) : 'n',
        'index_twnum' => isset($_POST['index_twnum']) ? intval($_POST['index_twnum']) : 10,
        'att_maxsize' => isset($_POST['att_maxsize']) ? intval($_POST['att_maxsize']) : 20480,
        // Allowed attachment extensions: lower-cased, with the substring "php"
        // replaced by "x".
        // NOTE(review): this is a one-word blocklist. Other extensions that a web
        // server may be configured to execute are not covered, so an administrator
        // (or anyone able to change this option) can still permit them. A fixed
        // allow-list enforced at upload time, plus disabling script execution in
        // the upload directory, is the robust control.
        'att_type' => isset($_POST['att_type']) ? str_replace('php', 'x', strtolower(addslashes($_POST['att_type']))) : '',
        'att_imgmaxw' => isset($_POST['att_imgmaxw']) ? intval($_POST['att_imgmaxw']) : 420,
        'att_imgmaxh' => isset($_POST['att_imgmaxh']) ? intval($_POST['att_imgmaxh']) : 460
    );
    // Captchas need the GD library.
    // NOTE(review): the check only fires when both functions are missing;
    // presumably either one being missing should be enough - confirm.
    if ($getData['login_code'] == 'y' && !function_exists("imagecreate") && !function_exists('imagepng')) {
        emMsg("开启登录验证码失败!服务器空间不支持GD图形库", "configure.php");
    }
    if ($getData['comment_code'] == 'y' && !function_exists("imagecreate") && !function_exists('imagepng')) {
        emMsg("开启评论验证码失败!服务器空间不支持GD图形库", "configure.php");
    }
    // Normalise the site URL: trailing slash, and a scheme when it does not
    // start with "http" (case-insensitive).
    if ($getData['blogurl'] && substr($getData['blogurl'], -1) != '/') {
        $getData['blogurl'] .= '/';
    }
    if ($getData['blogurl'] && strncasecmp($getData['blogurl'], 'http', 4)) {
        $getData['blogurl'] = 'http://' . $getData['blogurl'];
    }
    // Persist every option, refresh the dependent caches and return to the form.
    foreach ($getData as $key => $val) {
        Option::updateOption($key, $val);
    }
    $CACHE->updateCache(array('tags', 'options', 'comment', 'record'));
    emDirect("./configure.php?activated=1");
}
<?php
/**
 * Twitter (micro-post) front page
 * @copyright (c) Emlog All Rights Reserved
 */
require_once '../init.php';
define('TEMPLATE_PATH', TPLS_PATH . Option::get('nonce_templet') . '/'); // front-end template path
// The action is slash-escaped and only compared against fixed strings below.
$action = isset($_GET['action']) ? addslashes($_GET['action']) : '';
if (Option::get('istwitter') == 'n') {
    emMsg('抱歉,微语未开启前台访问!', BLOG_URL);
}
if ($action == 'cal') {
    Calendar::generate();
}
if ($action == '') {
    $user_cache = $CACHE->readCache('user');
    $options_cache = Option::getAll();
    // NOTE(review): extract() turns every option into a local variable and, with
    // its default flags, overwrites variables that already exist in this scope.
    // The values come from the options table rather than from the request, but
    // reading the needed options explicitly would avoid accidental overwrites.
    extract($options_cache);
    $Twitter_Model = new Twitter_Model();
    $Navi_Model = new Navi_Model();
    // The page number is forced to an integer; negative values are not excluded.
    $page = isset($_GET['page']) ? intval($_GET['page']) : 1;
    $tws = $Twitter_Model->getTwitters($page);
    $twnum = $Twitter_Model->getTwitterNum();
    $pageurl = pagination($twnum, Option::get('index_twnum'), $page, BLOG_URL . 't/?page=');
    // Avatar of the current user, or the default image when none is set.
    $avatar = empty($user_cache[UID]['avatar']) ? '../admin/views/images/avatar.jpg' : '../' . $user_cache[UID]['avatar'];
    // Captcha image for replies, only when the reply_code option is enabled.
    $rcode = Option::get('reply_code') == 'y' ? "<img src=\"" . DYNAMIC_BLOGURL . "?action=ckcode&mode=t\" />" : '';
    // $site_title is expected to have been defined by extract() above.
    $site_title = $Navi_Model->getNaviNameByType(Navi_Model::navitype_t) . ' - ' . $site_title;
    include View::getView('header');
    require_once View::getView('t');
/**
 * Show the 404 error page.
 *
 * When the active template ships a 404.php, a 404 status line is sent, the
 * template is rendered and the script ends. Otherwise a plain "404" message
 * is shown through emMsg() with a link back to BLOG_URL.
 */
function show_404_page()
{
    $hasCustomPage = is_file(TEMPLATE_PATH . '404.php');

    if (!$hasCustomPage) {
        emMsg('404', BLOG_URL);
        return;
    }

    header("HTTP/1.1 404 Not Found");
    include View::getView('404');
    exit;
}
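/**
 * Delete a post together with its comments, tag references and attachments.
 *
 * Non-administrators can only delete their own posts: the author condition is
 * added to the DELETE, and when no row was deleted the request is rejected
 * through emMsg().
 *
 * Fix: $blogId was interpolated into every statement as received, including a
 * quoted LIKE pattern. It is now cast to an integer first, so the statements no
 * longer depend on every caller having sanitised the id.
 *
 * @param int $blogId id of the post to delete
 */
function deleteLog($blogId)
{
    $blogId = (int) $blogId;
    $author = ROLE == ROLE_ADMIN ? '' : 'and author=' . UID;

    $this->db->query("DELETE FROM " . DB_PREFIX . "blog where gid={$blogId} {$author}");
    if ($this->db->affected_rows() < 1) {
        emMsg('权限不足!', './');
    }

    // Comments
    $this->db->query("DELETE FROM " . DB_PREFIX . "comment where gid={$blogId}");

    // Tags: gid holds a comma-separated id list. The LIKE filter is broad, but
    // REPLACE only touches the exact ",id," token; tags left with no post are removed.
    $this->db->query("UPDATE " . DB_PREFIX . "tag SET gid= REPLACE(gid,',{$blogId},',',') WHERE gid LIKE '%" . $blogId . "%' ");
    $this->db->query("DELETE FROM " . DB_PREFIX . "tag WHERE gid=',' ");

    // Attachments: remove the stored file and, for a thumbnail, the full-size file.
    // NOTE(review): the paths come from the attachment table - confirm the value
    // written at upload time is confined to the upload directory.
    $query = $this->db->query("select filepath from " . DB_PREFIX . "attachment where blogid={$blogId} ");
    while ($attach = $this->db->fetch_array($query)) {
        if (file_exists($attach['filepath'])) {
            $fpath = str_replace('thum-', '', $attach['filepath']);
            if ($fpath != $attach['filepath']) {
                @unlink($fpath);
            }
            @unlink($attach['filepath']);
        }
    }
    $this->db->query("DELETE FROM " . DB_PREFIX . "attachment where blogid={$blogId}");
}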
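/**
 * Check that the current user may manage the given comment.
 *
 * ROLE_ADMIN and ROLE_VISITOR pass immediately. Any other role passes only
 * when the comment belongs to a post whose author is UID; otherwise emMsg()
 * is called with the "insufficient permission" message.
 *
 * @param int $cid comment id
 * @return bool true when the check passes, false if emMsg() returns after a failed check
 */
function isYoursComment($cid)
{
    // NOTE(review): ROLE_VISITOR is waved through together with ROLE_ADMIN —
    // confirm that is intended for an ownership check.
    if (ROLE == ROLE_ADMIN || ROLE == ROLE_VISITOR) {
        return true;
    }

    // $cid is placed unquoted into the query; coerce it to an integer so the
    // value cannot carry SQL of its own.
    $cid = (int) $cid;

    $query = $this->db->query("SELECT a.cid FROM " . DB_PREFIX . "comment as a," . DB_PREFIX . "blog as b WHERE a.cid={$cid} and a.gid=b.gid AND b.author=" . UID);
    $result = $this->db->num_rows($query);
    if ($result <= 0) {
        emMsg('权限不足!', './');
        // Fail closed should emMsg() return instead of ending the request.
        return false;
    }

    // Same answer the privileged branch gives, so callers can test the result.
    return true;
}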
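/**
 * Send a query to the database.
 *
 * Stores the driver result in $this->result and increments $this->queryCount.
 * A falsy result is reported through emMsg() together with the statement and
 * the text from $this->geterror().
 *
 * @param string $sql statement to run
 * @return mixed the value returned by $this->conn->query() when it is truthy
 */
function query($sql)
{
    $this->result = $this->conn->query($sql);
    $this->queryCount++;

    if (!$this->result) {
        // The message is built as HTML (it embeds <br />) and the statement may
        // contain request-derived values, so both parts are escaped before display.
        // NOTE(review): showing the full statement and driver error on the page
        // exposes table and column names; consider logging them server-side and
        // displaying a generic message instead.
        $shownSql = htmlspecialchars($sql, ENT_QUOTES, 'UTF-8');
        $shownError = htmlspecialchars((string) $this->geterror(), ENT_QUOTES, 'UTF-8');
        emMsg("SQL语句执行错误: {$shownSql}<br />" . $shownError);
    } else {
        return $this->result;
    }
}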
/**
 * Save the anti-spam comment plugin settings taken from $_POST.
 *
 * Numeric fields go through intval() and default to 0, text fields are trimmed
 * and default to ''. 'blacklist' and 'url_keywords' are split on line breaks.
 * The resulting array is serialized and written to the plugin's data file;
 * failure to open or write the file is reported through emMsg().
 *
 * NOTE(review): no token or role check is visible inside this function —
 * confirm the caller enforces one before settings are overwritten.
 * NOTE(review): the payload is stored with serialize(); whatever reads it back
 * presumably unserializes it, so the data file should be writable by the web
 * server account only. The 777 / "everyone" advice in the error text is wider
 * than that.
 *
 * @return bool TRUE once the data file has been written
 */
function plugin_setting()
{
    $timeLimit = 0;
    if (isset($_POST['time_limit'])) {
        $timeLimit = intval(trim($_POST['time_limit']));
    }

    $needChinese = 0;
    if (isset($_POST['need_chinese'])) {
        $needChinese = intval($_POST['need_chinese']);
    }

    $blacklistText = '';
    if (isset($_POST['blacklist'])) {
        $blacklistText = trim($_POST['blacklist']);
    }

    $autoBlacklist = 0;
    if (isset($_POST['auto_blacklist'])) {
        $autoBlacklist = intval($_POST['auto_blacklist']);
    }

    $maxAttempt = 0;
    if (isset($_POST['max_attempt'])) {
        $maxAttempt = intval(trim($_POST['max_attempt']));
    }

    $keywordText = '';
    if (isset($_POST['keywords'])) {
        $keywordText = trim($_POST['keywords']);
    }

    $nameKeywordText = '';
    if (isset($_POST['name_keywords'])) {
        $nameKeywordText = trim($_POST['name_keywords']);
    }

    $urlKeywordText = '';
    if (isset($_POST['url_keywords'])) {
        $urlKeywordText = trim($_POST['url_keywords']);
    }

    // One entry per line for the two list-style fields.
    $lineBreaks = "/[\r\n]+/";
    $settings = array(
        'time_limit' => $timeLimit,
        'need_chinese' => $needChinese,
        'blacklist' => preg_split($lineBreaks, $blacklistText),
        'auto_blacklist' => $autoBlacklist,
        'max_attempt' => $maxAttempt,
        'keywords' => $keywordText,
        'name_keywords' => $nameKeywordText,
        'url_keywords' => preg_split($lineBreaks, $urlKeywordText),
    );
    $payload = serialize($settings);

    $target = EMLOG_ROOT . '/content/plugins/anti_spam_comment/data';
    // Shared tail of both failure messages.
    $permissionHint = ',如果您使用的是Unix/Linux主机,请修改文件/content/plugins/anti_spam_comment/data的权限为777。如果您使用的是Windows主机,请联系管理员,将该文件设为everyone可写';

    $handle = @fopen($target, 'wb');
    if (!$handle) {
        emMsg('读取文件失败' . $permissionHint);
    }

    $written = @fwrite($handle, $payload);
    if (!$written) {
        emMsg('写入文件失败' . $permissionHint);
    }

    fclose($handle);
    return TRUE;
}
<img style="border:0px; padding:5px 5px 5px;" src="' . substr($photo['filename'], 1, strlen($photo['filename'])) . '" /></a> </li>'; } $log_content .= '</ul></div><div id="pagenavi">' . $pageurl . '<span>(共有' . $page_all_no . '张相片)</span></div>'; } } else { $log_content .= '参数错误。'; } $allow_remark = 'n'; $logid = ''; addAction('index_head', 'kl_album_show_js'); include View::getView('header'); include View::getView('page'); } } else { emMsg('不存在的页面!'); } function kl_album_show_js() { $active_plugins = Option::get('active_plugins'); echo '<script type="text/javascript" src="./content/plugins/kl_album/js/jquery.lazyload.mini.js"></script> <script type="text/javascript" src="./content/plugins/kl_album/js/jquery.lightbox-0.5.js"></script> <link rel="stylesheet" type="text/css" href="./content/plugins/kl_album/css/jquery.lightbox-0.5.css" media="screen" /> <script type="text/javascript"> jQuery(function($){ $(\'img\').lazyload({effect:\'fadeIn\',placeholder:\'./content/plugins/kl_album/images/grey.gif\',threshold:200}); $(\'#kl_album_photo_list a\').lightBox(); $(\'#kl_album_list img, #kl_album_photo_list img\').mouseover(function(){ $(this).css(\'border\', \'1px solid green\')}); $(\'#kl_album_list img, #kl_album_photo_list img\').mouseout(function(){ $(this).css(\'border\', \'0px\')}); }); </script>';
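/**
 * Show a message, using the mobile views when the request carries a gid.
 *
 * With $_GET['gid'] present, TEMPLATE_PATH is pointed at the mobile view
 * directory (unless it is already defined), $url is replaced by the mobile
 * post URL for that gid, the header/msg/footer views are included and the
 * request ends. Without it the call is forwarded to emMsg().
 *
 * @param string $msg message text; presumably read by the included 'msg' view,
 *                    which is then responsible for escaping it — confirm
 * @param string $url target URL; overwritten on the mobile path
 */
function ascMsg($msg, $url = 'javascript:history.back(-1);')
{
    if (!isset($_GET['gid'])) {
        emMsg($msg, $url);
        return;
    }

    // define() on an existing constant keeps the old value and only raises a
    // diagnostic, which would be emitted ahead of the page; skip it instead.
    if (!defined('TEMPLATE_PATH')) {
        define('TEMPLATE_PATH', EMLOG_ROOT . '/m/view/');
    }

    // intval() keeps the request value from adding anything but digits to the link.
    $url = BLOG_URL . 'm/?post=' . intval($_GET['gid']);

    include View::getView('header');
    include View::getView('msg');
    include View::getView('footer');
    View::output();
    exit;
}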
} } if ($action == 'reply_comment') { include View::getView('header'); $commentId = isset($_GET['cid']) ? intval($_GET['cid']) : ''; $commentArray = $Comment_Model->getOneComment($commentId); extract($commentArray); require_once View::getView('comment_reply'); include View::getView('footer'); View::output(); } if ($action == 'edit_comment') { $commentId = isset($_GET['cid']) ? intval($_GET['cid']) : ''; $commentArray = $Comment_Model->getOneComment($commentId, FALSE); if (!$commentArray) { emMsg('不存在该评论!', './comment.php'); } extract($commentArray); include View::getView('header'); require_once View::getView('comment_edit'); include View::getView('footer'); View::output(); } if ($action == 'doreply') { $reply = isset($_POST['reply']) ? trim(addslashes($_POST['reply'])) : ''; $commentId = isset($_POST['cid']) ? intval($_POST['cid']) : ''; $blogId = isset($_POST['gid']) ? intval($_POST['gid']) : ''; $hide = isset($_POST['hide']) ? addslashes($_POST['hide']) : 'n'; if ($reply == '') { emDirect("./comment.php?error_c=1"); }
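/**
 * Check the header lines of a backup file before it is imported.
 *
 * Reads at most the first three lines. The first must contain the
 * "#version:emlog <Option::EMLOG_VERSION>" marker and the third the
 * "#tableprefix:<DB_PREFIX>" marker. Every failure is reported through
 * emMsg() and ends the check.
 *
 * @param string $sqlfile path of the backup file to inspect
 */
function checkSqlFileInfo($sqlfile)
{
    $fp = @fopen($sqlfile, 'r');
    if (!$fp) {
        emMsg('导入失败!读取文件失败');
        // Never continue with an invalid handle should emMsg() return.
        return;
    }

    // Collect up to three header lines; a failed read ends the loop instead of
    // being stored as an entry, so an empty file really yields an empty list.
    $dumpinfo = array();
    while (count($dumpinfo) < 3 && !feof($fp)) {
        $headerLine = fgets($fp, 4096);
        if ($headerLine === false) {
            break;
        }
        $dumpinfo[] = $headerLine;
    }
    fclose($fp);

    if (empty($dumpinfo)) {
        emMsg('导入失败!该备份文件不是 emlog的备份文件!');
        return;
    }

    // preg_quote() keeps characters such as "." in the version string from
    // acting as regex wildcards.
    $versionPattern = '/#version:emlog ' . preg_quote(Option::EMLOG_VERSION, '/') . '/';
    if (preg_match($versionPattern, $dumpinfo[0]) !== 1) {
        emMsg('导入失败!该备份文件不是emlog' . Option::EMLOG_VERSION . '生成的备份!');
        return;
    }

    // A file with fewer than three lines has no prefix line at all.
    $prefixLine = isset($dumpinfo[2]) ? $dumpinfo[2] : '';
    // NOTE(review): the pattern is not anchored at the end, so a dump whose
    // prefix merely starts with DB_PREFIX also passes — tighten once the exact
    // header format is confirmed.
    $prefixPattern = '/#tableprefix:' . preg_quote(DB_PREFIX, '/') . '/';
    if (preg_match($prefixPattern, $prefixLine) !== 1) {
        // The echoed line comes from the uploaded file; escape it because the
        // message is presumably rendered as HTML.
        emMsg('导入失败!备份文件中的数据库表前缀与当前系统数据库表前缀不匹配' . htmlspecialchars($prefixLine, ENT_QUOTES, 'UTF-8'));
    }
}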
$usernum = $Vip_model->getUserNum(' where regist=' . $regist); } $pageurl = pagination($usernum, Option::get('admin_perpage_num'), $page, "./vip.php?page="); include View::getView('header'); require_once View::getView('vip'); include View::getView('footer'); View::output(); } //上传excel if ($action == 'upload') { $vipfile = isset($_FILES['vipfile']) ? $_FILES['vipfile'] : ''; if ($vipfile['error'] == 4) { emDirect("./vip.php?error_d=1"); } if (!$vipfile || $vipfile['error'] >= 1 || empty($vipfile['tmp_name'])) { emMsg('上传失败'); } if (getFileSuffix($vipfile['name']) != 'xls') { emDirect("./vip.php?error_a=1"); } set_include_path(get_include_path() . PATH_SEPARATOR . '../Classes/'); /** PHPExcel_IOFactory */ include 'PHPExcel/IOFactory.php'; $inputFileName = $vipfile['tmp_name']; $objReader = new PHPExcel_Reader_Excel5(); // $objReader = new PHPExcel_Reader_Excel2007(); // $objReader = new PHPExcel_Reader_Excel2003XML(); // $objReader = new PHPExcel_Reader_OOCalc(); // $objReader = new PHPExcel_Reader_SYLK(); // $objReader = new PHPExcel_Reader_Gnumeric(); // $objReader = new PHPExcel_Reader_CSV();